Security Audit
godial-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
godial-automation received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned MCP Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned MCP Dependency The skill declares a dependency on the 'rube' MCP without specifying a version or a specific immutable identifier. This means the skill will always rely on the latest version of the 'rube' MCP service. If the 'rube' MCP undergoes breaking changes, introduces unexpected behavior, or is compromised with a malicious update, this skill would be immediately affected without any control over the specific version of the external service it relies on. This introduces a supply chain risk. If the platform supports it, specify a version or a more specific, immutable identifier for the 'rube' MCP dependency in the manifest. This would allow the skill to pin to a known good version of the MCP, mitigating risks from unexpected updates or compromises of the MCP service. If direct pinning isn't supported, be aware of the inherent risks of relying on dynamically updated external services. | Static | SKILL.md:4 |
Scan History
Embed Code
[](https://skillshield.io/report/d8cb13e3cd287f5a)
Powered by SkillShield